Review of HIPAA, Part 1: History, Protected Health Information, and Privacy and Security Rules

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was initially enacted as an administrative simplification to standardize electronic transmission of common administrative and financial transactions. The program also calls for implementation specifications regarding privacy and security standards to protect the confidentiality and integrity of individually identifiable health information or protected health information. The Affordable Care Act further expanded many of the protective provisions set forth by HIPAA. Since its implementation, healthcare organizations around the nation have invested billions of dollars and have cycled through numerous program attempts aimed at meeting these standards. This chapter reviews the process taken by one organization to review the privacy policy in place utilizing a maturity model, identify deficiencies, and lead change in order to heighten the maturity of the system. The authors conclude with reflection related to effectiveness of the process as well as implications for practice.

Download Full-text

Security

Information Systems and Healthcare Enterprises ◽

10.4018/978-1-59904-651-8.ch010 ◽

2011 ◽

pp. 228-273

Author(s):

Roy Rada

Keyword(s):

United States ◽

Health Information ◽

The United States ◽

Protected Health Information ◽

Security Measures ◽

Privacy And Security ◽

Privacy Rule ◽

Global Concern ◽

Covered Entity ◽

Security Rule

Privacy and security of health information is a global concern. However, this chapter will focus on approaches to security in the United States. In particular, the federal regulation of security in the form of the Security Rule will be studied. The HIPAA Security Rule details the system and administrative requirements that a covered entity must meet in order to assure that health information is safe from people without authorization for its access. By contrast, the Privacy Rule describes the requirements that govern the circumstances under which protected health information must be used or disclosed with and without patient involvement and when a patient may have access to his or her protected health information. The implementation of reasonable and appropriate security measures supports compliance with the Privacy Rule.

Download Full-text

Maturing an Information Technology Privacy Program

Research Anthology on Privatizing and Securing Data ◽

10.4018/978-1-7998-8954-0.ch098 ◽

2021 ◽

pp. 2008-2022

Author(s):

Mike Gregory ◽

Cynthia Roberts

Keyword(s):

Information Technology ◽

Health Insurance ◽

Health Information ◽

Maturity Model ◽

Protected Health Information ◽

Healthcare Organizations ◽

Privacy And Security ◽

Security Standards ◽

Financial Transactions ◽

Administrative Simplification

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was initially enacted as an administrative simplification to standardize electronic transmission of common administrative and financial transactions. The program also calls for implementation specifications regarding privacy and security standards to protect the confidentiality and integrity of individually identifiable health information or protected health information. The Affordable Care Act further expanded many of the protective provisions set forth by HIPAA. Since its implementation, healthcare organizations around the nation have invested billions of dollars and have cycled through numerous program attempts aimed at meeting these standards. This chapter reviews the process taken by one organization to review the privacy policy in place utilizing a maturity model, identify deficiencies, and lead change in order to heighten the maturity of the system. The authors conclude with reflection related to effectiveness of the process as well as implications for practice.

Download Full-text

HIPAA Compliance and Training: A Perfect Storm for Professionalism Education?

The Journal of Law Medicine & Ethics ◽

10.1177/1073110516684812 ◽

2016 ◽

Vol 44 (4) ◽

pp. 652-656 ◽

Cited By ~ 1

Author(s):

Julie L. Agris ◽

John M. Spandorfer

Keyword(s):

Health Information ◽

Protected Health Information ◽

Critical Education ◽

Privacy And Security ◽

Training Requirements ◽

Hipaa Compliance ◽

And Training ◽

Perfect Storm

The HIPAA Rules continue to support and bolster the importance of protecting the privacy and security of patients' protected health information. The HIPAA training requirements are at the cornerstone of meaningful implementation and provide a ripe opportunity for critical education.

Download Full-text

Organizational Repertoires and Rites in Health Information Security

Cambridge Quarterly of Healthcare Ethics ◽

10.1017/s0963180108080560 ◽

2008 ◽

Vol 17 (4) ◽

pp. 441-452 ◽

Cited By ~ 6

Author(s):

TED COOPER ◽

JEFF COLLMANN ◽

HENRY NEIDERMEIER

Keyword(s):

Information Security ◽

Health Information ◽

Data Security ◽

Patient Portal ◽

Protected Health Information ◽

Privacy And Security ◽

Kaiser Permanente ◽

Unauthorized Access ◽

Security Breaches

The privacy and security rules of the Health Insurance Portability and Accountability Act (HIPAA) of 1996 emphasize taking steps for protecting protected health information from unauthorized access and modification. Nonetheless, even organizations highly skilled in data security that comply with regulations and all good practices will suffer and must respond to breaches. This paper reports on a case study in responding to an important breach of the confidentiality and integrity of identifiable patient information of the Kaiser Internet Patient Portal known as “Kaiser Permanente Online” (KP Online). From the perspective of theories about highly reliable organizations, effective health information security programs must respond resiliently to as well as prospectively anticipate security breaches.

Download Full-text

A DICOM dataset for evaluation of medical image de-identification

Scientific Data ◽

10.1038/s41597-021-00967-y ◽

2021 ◽

Vol 8 (1) ◽

Author(s):

Michael Rutherford ◽

Seong K. Mun ◽

Betty Levine ◽

William Bennett ◽

Kirk Smith ◽

...

Keyword(s):

Health Information ◽

National Cancer Institute ◽

Medical Image ◽

Cancer Imaging ◽

Protected Health Information ◽

Dicom Standard ◽

Clinical Imaging ◽

X Ray ◽

Evaluation Dataset ◽

Data Elements

AbstractWe developed a DICOM dataset that can be used to evaluate the performance of de-identification algorithms. DICOM objects (a total of 1,693 CT, MRI, PET, and digital X-ray images) were selected from datasets published in the Cancer Imaging Archive (TCIA). Synthetic Protected Health Information (PHI) was generated and inserted into selected DICOM Attributes to mimic typical clinical imaging exams. The DICOM Standard and TCIA curation audit logs guided the insertion of synthetic PHI into standard and non-standard DICOM data elements. A TCIA curation team tested the utility of the evaluation dataset. With this publication, the evaluation dataset (containing synthetic PHI) and de-identified evaluation dataset (the result of TCIA curation) are released on TCIA in advance of a competition, sponsored by the National Cancer Institute (NCI), for algorithmic de-identification of medical image datasets. The competition will use a much larger evaluation dataset constructed in the same manner. This paper describes the creation of the evaluation datasets and guidelines for their use.

Download Full-text

HIPAA Hoopla: Privacy and Security of Identifiable Health Information

The Journal of School Nursing ◽

10.1177/10598405010170060901 ◽

2001 ◽

Vol 17 (6) ◽

pp. 336-341 ◽

Cited By ~ 2

Author(s):

Martha Dewey Bergren

Keyword(s):

School Districts ◽

Health Information ◽

Family Health ◽

School Nurses ◽

Information Resources ◽

Student Health ◽

Privacy And Security ◽

Privacy Act ◽

The Family ◽

Health Information Resources

The privacy and security provisions of the Health Insurance Portability and Accountability Act (HIPAA) are changing the standards for how identifiable health information is handled. This article explains HIPAA and how it interacts with the Family Educational Right to Privacy Act. The advent of HIPAA and the attention given to privacy and security of identifiable health information provides the opportunity for school nurses, school districts, and administrators to revisit and update how they handle student health information. Resources to assist in establishing policies, procedures, and practices that protect student and family health information are identified.

Download Full-text

Social media engagement tactics in U.S. community policing: Potential privacy and security concerns

The Police Journal Theory Practice and Principles ◽

10.1177/0032258x20968588 ◽

2020 ◽

pp. 0032258X2096858

Author(s):

Alexander E Carter ◽

Mariea Hoy ◽

Betsy Byrne DeSimone

Keyword(s):

Social Media ◽

Law Enforcement ◽

Health Information ◽

Community Policing ◽

Future Research ◽

Online Relationships ◽

Privacy And Security ◽

Research Directions ◽

Personally Identifiable Information ◽

Future Research Directions

Despite law enforcement’s best efforts to use social media as a means of community policing, some engagement tactics may lead citizens to disclose personally identifiable information (PII). We coded 200 tweets with the popular #9PMRoutine that tagged @PascoSheriff (Florida) for participant PII. We found numerous postings of adults’ and children’s PII that are problematic including pictures, health information and security-related comments about their routines or vacations. Implications for law enforcement to protect their communities are discussed as well as opportunities to continue to cultivate their online relationships in a more secure forum. We also provide future research directions.

Download Full-text

Geocoding-protected health information using online services may compromise patient privacy - Comments on “Evaluation of the positional difference between two common geocoding methods” by Duncan et al.

Geospatial health ◽

10.4081/gh.2012.132 ◽

2012 ◽

Vol 6 (2) ◽

pp. 157 ◽

Cited By ~ 2

Author(s):

Sunny Mak

Keyword(s):

Health Information ◽

Protected Health Information ◽

Patient Privacy ◽

Online Services

Download Full-text

Robust Security for Health Information by ECC with Signature Hash Function in WBAN

Indonesian Journal of Electrical Engineering and Computer Science ◽

10.11591/ijeecs.v11.i1.pp256-262 ◽

2018 ◽

Vol 11 (1) ◽

pp. 256

Author(s):

G. Sridevi Devasena ◽

S. Kanmani

Keyword(s):

Health Information ◽

Key Management ◽

Hash Function ◽

Data Communication ◽

Public Key Cryptography ◽

Protected Health Information ◽

Body Area ◽

Efficient Data ◽

Body Parameters ◽

Secure Transmission

<p>Wireless Body Area Networks (WBANs) are fundamental technology in health care that permits the information of a patient’s essential body parameters to be gathered by the sensors. However, the safety and concealment defense of the gathered information is a key uncertain problem. A Hybrid Key Management (HKM) scheme [13] is worked based on Public Key Cryptography (PKC)-authentication scheme. This scheme uses a oneway hash function to construct a Merkle Tree. The PKC method increase the computational complexity and lacking scalability. Additionally, it increases expensive computation, communication costs and delay. To overcome this problem, Robust Security for Protected Health Information by ECC with signature Hash Function in WBAN (RSP) is proposed. The system employs hash-chain based key signature technique to achieve efficient, secure transmission from sensor to user in WBAN. Moreover, Elliptical Curve Cryptography algorithm is used to verifies the authenticate sensor. In addition, it describes the experimental results of the proposed system demonstrate the efficient data communication in a network.</p>

Download Full-text